Author: adityasharma
Date: Sat Jul 27 06:43:12 2019
New Revision: 1863838
URL:
http://svn.apache.org/viewvc?rev=1863838&view=revLog:
Fixed: Check embedded Javascript libs vulnerabilities using retire.js
(OFBIZ-10678)
1. For solving CVE-2019-11358, upgraded jQuery to 3.4.1
2. Replaced library Fancybox with Featherlight. Added custom css so that cursor for links becomes pointer
Thanks Jacques Le Roux for the reviews
Added:
ofbiz/ofbiz-framework/trunk/themes/common-theme/webapp/common/js/jquery/jquery-3.4.1.js (with props)
ofbiz/ofbiz-framework/trunk/themes/common-theme/webapp/common/js/jquery/jquery-3.4.1.min.js
- copied unchanged from r1862210, ofbiz/branches/release16.11/framework/images/webapp/images/jquery/jquery-3.4.1.min.js
ofbiz/ofbiz-framework/trunk/themes/common-theme/webapp/common/js/jquery/plugins/featherlight/
ofbiz/ofbiz-framework/trunk/themes/common-theme/webapp/common/js/jquery/plugins/featherlight/featherlight-1.7.13.css (with props)
ofbiz/ofbiz-framework/trunk/themes/common-theme/webapp/common/js/jquery/plugins/featherlight/featherlight-1.7.13.js (with props)
ofbiz/ofbiz-framework/trunk/themes/common-theme/webapp/common/js/jquery/plugins/featherlight/featherlight-1.7.13.min.css (with props)
ofbiz/ofbiz-framework/trunk/themes/common-theme/webapp/common/js/jquery/plugins/featherlight/featherlight-1.7.13.min.js (with props)
ofbiz/ofbiz-framework/trunk/themes/common-theme/webapp/common/js/jquery/plugins/featherlight/featherlight.gallery-1.7.13.css (with props)
ofbiz/ofbiz-framework/trunk/themes/common-theme/webapp/common/js/jquery/plugins/featherlight/featherlight.gallery-1.7.13.js (with props)
ofbiz/ofbiz-framework/trunk/themes/common-theme/webapp/common/js/jquery/plugins/featherlight/featherlight.gallery-1.7.13.min.css (with props)
ofbiz/ofbiz-framework/trunk/themes/common-theme/webapp/common/js/jquery/plugins/featherlight/featherlight.gallery-1.7.13.min.js (with props)
Removed:
ofbiz/ofbiz-framework/trunk/themes/common-theme/webapp/common/js/jquery/jquery-3.2.1.js
ofbiz/ofbiz-framework/trunk/themes/common-theme/webapp/common/js/jquery/jquery-3.2.1.min.js
ofbiz/ofbiz-framework/trunk/themes/common-theme/webapp/common/js/jquery/plugins/fancybox/
Modified:
ofbiz/ofbiz-framework/trunk/themes/bluelight/webapp/bluelight/style.css
ofbiz/ofbiz-framework/trunk/themes/common-theme/template/includes/ListVisualThemes.ftl
ofbiz/ofbiz-framework/trunk/themes/common-theme/widget/CommonScreens.xml
ofbiz/ofbiz-framework/trunk/themes/common-theme/widget/Theme.xml
ofbiz/ofbiz-framework/trunk/themes/flatgrey/webapp/flatgrey/style.css
ofbiz/ofbiz-framework/trunk/themes/rainbowstone/webapp/rainbowstone/style.css
ofbiz/ofbiz-framework/trunk/themes/tomahawk/webapp/tomahawk/css/style.css
Modified: ofbiz/ofbiz-framework/trunk/themes/bluelight/webapp/bluelight/style.css
URL:
http://svn.apache.org/viewvc/ofbiz/ofbiz-framework/trunk/themes/bluelight/webapp/bluelight/style.css?rev=1863838&r1=1863837&r2=1863838&view=diff==============================================================================
--- ofbiz/ofbiz-framework/trunk/themes/bluelight/webapp/bluelight/style.css (original)
+++ ofbiz/ofbiz-framework/trunk/themes/bluelight/webapp/bluelight/style.css Sat Jul 27 06:43:12 2019
@@ -4068,3 +4068,7 @@ html > /**/ body .jstree-default a {
border-color: #848484 #c1c1c1 #e1e1e1;
min-height: unset !important;
}
+/* The custom CSS to show mouse pointer on links using featherlight plugin */
+a[data-featherlight] {
+ cursor: pointer;
+}
\ No newline at end of file
Modified: ofbiz/ofbiz-framework/trunk/themes/common-theme/template/includes/ListVisualThemes.ftl
URL:
http://svn.apache.org/viewvc/ofbiz/ofbiz-framework/trunk/themes/common-theme/template/includes/ListVisualThemes.ftl?rev=1863838&r1=1863837&r2=1863838&view=diff==============================================================================
--- ofbiz/ofbiz-framework/trunk/themes/common-theme/template/includes/ListVisualThemes.ftl (original)
+++ ofbiz/ofbiz-framework/trunk/themes/common-theme/template/includes/ListVisualThemes.ftl Sat Jul 27 06:43:12 2019
@@ -23,26 +23,6 @@ margin: 1em;
}
</style>
-->
-
-<script type="application/javascript" src="/common/js/jquery/plugins/fancybox/jquery.fancybox-3.2.3.min.js"></script>
-<link rel="stylesheet" href="/common/js/jquery/plugins/fancybox/jquery.fancybox-3.2.3.min.css" type="text/css" media="screen"/>
-
-<script type="application/javascript">
- $(document).ready(function () {
- $("a#single_image").fancybox();
- $("a#inline").fancybox({
- 'hideOnContentClick': true
- });
- $("a.group").fancybox({
- 'transitionIn': 'elastic',
- 'transitionOut': 'elastic',
- 'speedIn': 600,
- 'speedOut': 200,
- 'overlayShow': false
- });
- });
-</script>
-
<div class="screenlet" style="margin: 1em;">
<div class="screenlet-title-bar">
<ul>
@@ -75,7 +55,7 @@ margin: 1em;
<td>
<#if visualTheme.getScreenshots()?has_content>
<#list visualTheme.getScreenshots() as screenshot>
- <a id="single_image" href="<@ofbizContentUrl>${screenshot}</@ofbizContentUrl>"><img
+ <a data-featherlight="<@ofbizContentUrl>${screenshot}</@ofbizContentUrl>"><img
src="<@ofbizContentUrl>${screenshot}</@ofbizContentUrl>" width="150"
alt=""/></a>
</#list>
Locked
